The report addresses issues arising from employer, employees, and agent responsibilities under NSW privacy legislation and recommends legislative amendments based upon provisions in other Australian and NSW laws.

“NSW privacy legislation has stood the test of time well, but there are gaps in privacy protections.” said Dr Elizabeth Coombs, A/NSW Privacy Commissioner. “The report, released today, addresses two of these gaps – that is, protections available to individuals when employees of public or private sector covered by the legislation intentionally breach privacy requirements, and when contractors to the public sector do not handle personal information lawfully.”

There has been increased concern around the intentional actions of employees which breach privacy requirements. The Office of the NSW Privacy Commissioner has reviewed a number of privacy complaint investigations concerning the unlawful use of personal information by public sector employees. These incidents are discussed in the Report.

“As NSW privacy legislation does not make provision for mandatory data breach notifications, I am not aware of the full extent of intentional privacy contraventions by agencies’ employees or contractors. But the Queensland Crime and Corruption Commission in 2016 reported a growing number and proportion of complaints about misuse of confidential government information. There is no reason to believe that NSW would be any different. If history is a guide, then we should not forget the 1992 Inquiry by ICAC that revealed a massive illicit trade in government information.”

The recommendations, if adopted, will better secure the privacy rights of individuals in the NSW community.